Cyber-criminals becoming increasingly professional

Report from Symantec finds that cyber-criminals are reaching same level of sophistication as nation-state hackers.

Cyber-criminals targeting the UK are becoming increasingly professional and have a sophistication almost on par with nation-state hackers, according to a recently published report.

According to Symantec's annual Internet Security Threat Report (ISTR), there has also been an increase of 125 percent in zero-day vulnerabilities globally, with half a billion records lost as a result of data breaches.

The report also ranked the UK as the most targeted nation for spear-phishing attacks, and second most targeted nation with social media scams. The country was also ranked as third most targeted nation for ransomware.

According to the report, criminals are adopting corporate best practices and establishing professional businesses to increase the efficiency of their attacks against enterprises and consumers. It said that this spanned the entire ecosystem of attackers, extending the reach of enterprise and consumer threats and fuelling the growth of online crime.

These more professional criminals were among the first to use zero-day vulnerabilities, using them either for their own advantage or selling them to lower-level criminals on the open market where they are quickly commoditised.

The report said that malware had increased at a “staggering rate”, with 430 million new malware variants discovered in 2015. It added that the volume of malware proved that professional cyber-criminals are leveraging their vast resources in an attempt to overwhelm defences and enter corporate networks.

“Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off,” said Kevin Haley, director, Symantec Security Response. “We are even seeing low-level criminal attackers create call centre operations to increase the impact of their scams.”

Ransomware attacks also increased by 35 percent with this form of attack broadening its attacks beyond PCs to smartphones, Mac and Linux systems, with the UK suffering up to 2215 attacks per day, the third highest in the world.

Fake technical support scams saw a 200 percent increase last year, with the UK the second most targeted nation globally, suffering 7,672,112 attacks in 2015.

Rob Holmes, SVP and general manager of email fraud protection at Return Path, told SC Magazine that the UK is a prime target for cyber-criminals due to the fact that a growing number of businesses are moving online.

“We are seeing a trend of small, medium and large organisations engage with their customers in the email channel and some financial services organisations are rejecting operating in the physical world altogether, choosing instead to operate digitally,” he said.

Jonathan Martin, EMEA operations director at Anomali, told SCMagazineUK.com that the only reason the UK would be the most targeted nation for spear-phishing attacks is because attacks are working, and criminals are seeing an above average number of click-throughs as a result of previous spear phishing.

“Remember that there are various degrees of customisation and personalisation that go into a spear-phishing attack. At the sophisticated end, criminals will handcraft messages to targeted individuals and will include code with a specific, possibly exact, purpose. Towards the less sophisticated end, criminals will craft messages that may look personalised but are sent to a larger number of recipients,” he said.

Piers Wilson, head of product management at Huntsman Security, said the best approach to remaining secure is to monitor systems in real-time for any unusual activity or suspicious behaviour that could indicate a breach is in progress.

“This can enable security teams to sweep in and shut down any access before hackers can do any serious harm. Furthermore, in light of the growth in the volume of attacks, these systems will also need to be embedded with artificial intelligence that enables much of the resolution process to be automated, freeing up security teams to concentrate on tackling the most severe threats.”